Feedback Evaluation · Async analysis · Transcript → LLM → PDF · feedback.carecollaborative.cloud

Feedback Evaluation Architecture

Infrastructure

Cloud Architecture

Single-binary Runtime on Operator-managed VMs with embedded Temporal orchestration, real-time WebRTC media, AI Governance proxy, and Cloudflare edge delivery — backed by Azure Flexible Server PostgreSQL.

Feedback Evaluation: Feedback Evaluation records a human-to-human session — no AI agent joins the room, and the STT → LLM → TTS pipeline is not used. Analysis is asynchronous: the transcript is sent to the LLM via AI Governance after the session ends. Dimmed nodes are not on the critical path for this use case.

Client Layer
Cloudflare Edge
Real-Time Media Plane
Operator-Managed Compute · VMs
Runtime Container (Single Binary)
Worker Pool
Azure Data Layer · Flexible Server
Identity & SSO
Monitoring & Observability
AI Services (External Cloud)

Browser: Cloudflare Pages
Desktop App: Electron · WIP
Media Client: WebRTC · SRTP
Agent CLI: Internal Only
CDN / DDoS: Edge Protection
Load Balancer: L7 Routing
Pages: Frontend Hosting
WebRTC Server: Cloud · Self-hosted
Voice Agent: Via Temporal
Media Routing: SRTP · Opus
API Server: REST · DRPC · WS
Temporal: Durable Execution
Media Server: Embedded WebRTC
AI Governance: Bridge Proxy
RBAC Engine: OPA · Rego
Tailnet: WireGuard Mesh
Auth Provider: OAuth2 · OIDC
Audit Engine: Immutable Trail
Notifications: Real-time Push
Task Workers: Durable Activities
Agent Runtime: SSH · Process
Health Monitor: Heartbeat
PostgreSQL: Main Database
Temporal DB: Workflow State
Visibility DB: Search Index
Blob Storage: Recordings
Key Vault: TLS · Secrets
Audit Logs: Activity Trail
OAuth2 / SSO: SAML · OIDC · OAuth
Azure AD / Okta: Identity Providers
Private DNS: Zone Resolution
Prometheus: Metrics Collection
OpenTelemetry: Distributed Tracing
Health Checks: Endpoint Monitor
Speech-to-Text: Real-time STT
LLM Providers: Provider Agnostic
Text-to-Speech: Voice Synthesis
Avatar Stream: Lip-sync · Video

Traffic Flow

1. Client → Cloudflare Edge
HTTPS / TLS 1.3 from browser or desktop app. Static frontend served from Cloudflare Pages. API & WebSocket requests routed via L7 Load Balancer.

2. Cloudflare → Runtime VMs
Load Balancer routes to Operator-managed VMs running the Runtime container — a single binary embedding Temporal, real-time media, and AI Governance.

3. Runtime orchestration
Temporal provides durable execution with per-org namespace isolation. AI Governance intercepts all LLM calls for budget and policy enforcement via MITM proxy.

4. Real-time media flow
WebRTC media server (cloud or self-hosted) manages voice/video rooms. Agents join via Temporal workflows, processing STT → LLM → TTS pipelines in real-time.

5. Data persistence
Three PostgreSQL databases on Azure Flexible Server — main data, Temporal workflow state, and search visibility. AES-256 encrypted, private endpoint access only.

6. External integrations
OAuth2/OIDC/SAML SSO via Auth0, Azure AD, Okta. AI providers (STT, LLM, TTS, Avatar) routed through AI Governance proxy for budget/policy enforcement.

Key Specs

Encryption: AES-256 at rest, TLS 1.3 in transit
Databases: 3 PostgreSQL (main, temporal, visibility)
Auth: OAuth 2.0, OIDC, SAML 2.0, SSO
Media: WebRTC + SRTP + Opus
Orchestration: Temporal (per-org namespace isolation)
AI Governance: MITM proxy, OPA policies, budget caps
Security: Defense-in-depth, audit trail